Overview and usage scenarios of certificate application repository - Certificate Management Service

You can use the certificate application repository feature to classify certificates from different data sources, including Alibaba Cloud certificates and local certificates. This way, you can manage certificates in a convenient and efficient manner. You can also use certificate application repository-related API operations to encrypt, decrypt, or sign sensitive data files, such as electronic contracts and invoices, or verify signatures. This helps ensure the authenticity, integrity, and security of the data files.

The following table describes the common scenarios of the certificate application repository feature to help you quickly get started with it.

Scenario	Description	References
Classify and manage Alibaba Cloud or local certificates	Alibaba Cloud allows you to classify and manage certificates from the following sources: Uploaded certificates (local user certificates) Uploaded certificate authority (CA) certificates (local root certificates and intermediate certificates) Alibaba Cloud private CA certificates (private root certificates and intermediate certificates) Alibaba Cloud private certificates [not supported on the international website (alibabacloud.com)] Alibaba Cloud compliant certificates [not supported on the international website (alibabacloud.com)] After you create a certificate application repository of a specific source, you can manage certificates in the certificate application repository by using the Certificate Management Service console or calling API operations.	Manage certificates in a certificate application repository
HTTPS mutual authentication for Alibaba Cloud services	You can use certificates in a certificate application repository when you configure HTTPS mutual authentication for Alibaba Cloud services, such as load balancing services and Anti-DDoS. Uploaded certificates: You can upload local certificates to a certificate application repository, and then select the required certificate for the corresponding cloud service. Private certificates: The system pulls private certificates in all Alibaba Cloud regions, and then you can select the required certificate for the corresponding cloud service.	Manage certificates in a certificate application repository
Generate and verify signatures	You can use certificates in a certificate application repository to sign electronic contracts, electronic invoices, and office automation (OA) approvals and verify signatures by calling the certificate application repository APIs.	Sign - Signs a private certificate in a certificate application repository Verify - Verifies the signature of a private certificate in a certificate application repository
Encrypt and decrypt data	You can use certificates in a certificate application repository to encrypt or decrypt data by calling certificate application repository-related API operations. Note The Rivest-Shamir-Adleman (RSA) and SM2 encryption algorithms are supported.	Encrypt - Encrypts a certificate in a certificate repository Decrypt - Decrypts a certificate in a certificate repository

Note

The first time you create a certificate application repository, Alibaba Cloud provides a quota of 100 for you to call certificate application repository-related API operations free of charge. The quota is consumed when you call operations for signature generation, signature verification, data encryption, and data decryption. If the quota is exhausted, you can purchase an additional API call quota. For more information, see Purchase an API call quota for certificate application repository.